Abstract:

Most knowledge representation languages are based on classes and taxonomic
relationships between classes. Taxonomic hierarchies without defaults or
exceptions are semantically equivalent to a collection of formulas in first
order predicate calculus. Although designers of knowledge representation
languages often express an intuitive feeling that there must be some
advantage to representing facts as taxonomic relationships rather than first
order formulas, there are few, if any, technical results supporting this
intuition. We attempt to remedy this situation by presenting a taxonomic
syntax for first order predicate calculus and a series of theorems that
support the claim that taxonomic syntax is superior to classical syntax.

1 Introduction

Most knowledge representation languages are based on classes and taxonomic
relationships between classes [Bobrow and Winograd, 1977], [Fahlman, 1979],
[Brachman, 1983], [Brachman et al., 1983]. Taxonomic hierarchies without
defaults or exceptions are semantically equivalent to a collection of
formulas in first order predicate calculus. Designers of knowledge
representation languages have argued that there are computational advantages
to representing facts as taxonomic relationships rather than first order
formulas. However, these arguments are usually non-technical, appealing to
the reader's intuition and common sense rather than technical analysis.

We define a taxonomic syntax for first order predicate calculus. In this
syntax terms are generalized to the notion of a class expression. Each class
expression denotes a subset of the first order domain and all atomic formulas
are simple statements about class expressions. We show that the
quantifier-free taxonomic literals, i.e. atomic formulas or their negations,¹
are more expressive than literals of classical first order logic. For
example, there exists a set of two quantifier-free taxonomic literals that is
satisfiable but is not satisfied by any finite first order structure — any
satisfiable set of literals in the classical predicate calculus with equality
can be satisfied by some finite structure. In spite of the increased
expressive power of taxonomic literals, we show that the satisfiability of
any set of quantifier-free taxonomic literals is polynomial time decidable.

The two basic observations about taxonomic syntax — that quantifier-free
taxonomic literals are more expressive than classical literals, and that the
satisfiability of a set of quantifier-free taxonomic literals is polynomial
time decidable — suggest that taxonomic syntax is more powerful, in some way,
than classical syntax. However, these observations do not provide any clear
way of taking advantage of taxonomic syntax in general theorem proving. To
show the value of taxonomic syntax in general theorem proving, we define
a "high-level" proof system based on a strengthened version of the decision
procedure for the decidability of a set of quantifier-free taxonomic literals.
The strengthened decision procedure provides a technical notion of an
"obvious" step in a mathematical proof; a high-level proof is a sequence of
steps where each step obviously follows from previous steps.

¹ In taxonomic syntax it is possible for atomic formulas to contain
quantifiers; the decidability result only applies to sets of quantifier-free
taxonomic literals.

There is a continuum between theorem verification and theorem proving.
No modern theorem proving system can automatically find proofs of theorems
as hard as the prime factorization theorem in number theory. A man-machine
interactive system, however, can be used to verify such theorems
[Bledsoe, 1977], [Boyer and Moore, 1979], [Constable et al., 1985],
[Ketonen, 1984], [McAllester, 1989]. Without powerful theorem proving
mechanisms the amount of user-provided detail required is so large that
non-trivial verifications are impractical. As the requirement for
user-provided detail decreases, a verification system can make a continuous
transformation from being a proof verifier to a proof finder. Thus the
classification of systems into verifiers and provers is somewhat arbitrary.
A high-level proof system combines the notion of a user-specified proof with
the notion of a sophisticated theorem-proving procedure that determines the
correctness of individual proof steps. The decision procedure for proof-step
correctness should always terminate quickly.

Many of the features of the high-level proof system introduced here, such
as focus objects and rules of obviousness, are independent of taxonomic
syntax. These features of high-level proof systems were introduced by
McAllester in the Ontic theorem verification system, [McAllester, 1989], and
found to be effective in a machine verification of a proof of the Stone
representation theorem for Boolean lattices from the axioms of
Zermelo-Fraenkel set theory. The high-level proof system introduced by
McAllester is not based on taxonomic syntax. In this paper we argue in favor
of taxonomic syntax by comparing the length of high-level proofs in a system
based on classical syntax with the length of proofs in an analogous system
based on taxonomic syntax. We show that any proof in classical syntax can be
translated into a proof of the same length in taxonomic syntax. Furthermore,
we conjecture that the converse is not true, i.e., we conjecture that there
exist proofs in taxonomic syntax such that all classical syntax proofs of the
same result are much longer.



2 Taxonomic Syntax for First Order Logic 

Our taxonomic syntax for first order logic is organized around classes and
taxonomic formulas. Consider a model of first order logic. Each class
expression of taxonomic syntax denotes a subset of the domain, or universe of
discourse, of the first order model. The class expressions include ordinary
first order terms as a special case. Under the semantics of taxonomic
expressions, terms are class expressions that denote singleton sets. But
there are many class expressions that are not terms in the ordinary sense.
For example, a predicate symbol P of one argument is a class expression
denoting the set of all objects in the first order domain that satisfy the
predicate P. If s_1 ... s_k are class expressions, and f is a function symbol
which takes k arguments, then f(s_1 ... s_k) is also a class expression and
denotes the set of all elements which can be written as f(x_1 ... x_k) where
x_i is an element of the set denoted by s_i. Now consider a k-ary predicate
symbol R, i.e., a predicate of k arguments. A predicate of k arguments can be
viewed as a function which takes k - 1 arguments and returns a set. More
specifically, we can write R(x_1 ... x_{k-1}) to denote the set of all
elements y such that R(x_1 ... x_{k-1}, y) is true. If s_1 ... s_{k-1} are
class expressions then R(s_1 ... s_{k-1}) is also a class expression and
denotes the union of all sets of the form R(x_1 ... x_{k-1}) where x_i is an
element of s_i. A class expression completely constructed from variables,
constants, and function symbols will be called a term. Terms always denote
singleton sets. In addition to the class expressions discussed above,
taxonomic syntax allows for classes defined with formulas; one can construct
a class expression that denotes the set of all objects x that satisfy an
arbitrary formula Φ(x). In order to ensure that taxonomic syntax is
expressively equivalent to classical first order logic, a distinguished class
expression, A-Thing, always denotes the entire domain in any first order
interpretation. For the sake of technical simplicity, we only allow
interpretations with non-empty semantic domains. Thus the class A-Thing
always denotes a non-empty set.

The formulas of taxonomic syntax include atomic statements about the
taxonomic relationships between class expressions. More specifically, we
write (IS s_1 s_2) to say that the class s_1 is a subset of the class s_2. We
also write (THERE-EXISTS s) to say that the class s is non-empty and we write
(DETERMINED s) to say that there is at most one element of the class s.
Finally, we write (INTERSECTS s t) to say that the class s has a non-empty
intersection with the class t.



Definition: A class expression is either

• a variable,

• a constant symbol,

• a monadic predicate symbol,

• a k-ary function symbol applied to k class expressions,

• a k-ary predicate symbol applied to k - 1 class expressions,

• a such-that expression of the form (s x S.T. Φ(x)) where s is
a class expression, x is a variable, and Φ(x) is a taxonomic
formula,

• or the distinguished class expression A-Thing.

A taxonomic formula is either

• an is-formula, (IS s_1 s_2), where s_1 and s_2 are class expressions,

• an existence-formula, (THERE-EXISTS s), where s is a class expression,

• a determined-formula, (DETERMINED s), where s is a class expression,

• an intersection-formula (INTERSECTS s t) where s and t are
class expressions,

• or a Boolean combination of taxonomic formulas.

Formulas of the first four kinds will be called atomic formulas. A
literal is either an atomic formula or the negation of an atomic
formula. A formula or class expression is quantifier-free if it does
not contain any such-that class expressions.

Given a model of first order logic and an interpretation of every variable
as an element of the first order domain, each class expression in taxonomic
syntax can be unambiguously interpreted as a subset of the first order domain
and each formula of taxonomic syntax can be assigned an unambiguous truth
value. For example, the formula (IS x A-Person) is true just in case the
value of the variable x is an element of the set denoted by the class
expression A-Person. The formula (IS y A-Child-of(x)) is true just in case
the pair <x, y> is contained in the relation denoted by A-Child-of. The
formula (IS z A-Child-of(A-Child-of(x))) is true just in case there exists
some member y of the class A-Child-of(x) such that z is a member of the class
A-Child-of(y). The formula (IS x Times(2 A-Number)) is true just in case x
can be written as the product of 2 and some number, i.e., just in case x is
an even number. The such-that class expression
(A-Person x S.T. (THERE-EXISTS A-Child-of(x))) denotes the set of all people
who have children.

Our definition of taxonomic formulas does not include classical
quantification. All quantification is done with such-that class expressions.
For example, the formula (THERE-EXISTS (A-Person x S.T. Φ(x))) is true just
in case there exists some element x of the class Person such that Φ(x) is
true. Universal quantification can be defined in terms of existential
quantification and negation. Alternatively, one can express universal
quantification directly with taxonomic atomic formulas. For example,
(IS A-Person (A-Person x S.T. Φ(x))) is true if and only if Φ(x) is true for
every member x of the set denoted by A-Person. The special class expression
A-Thing ensures that one can quantify over the entire first order domain. For
example, the classical formula ∃xΦ(x) is equivalent to the taxonomic formula
(THERE-EXISTS (A-Thing x S.T. Φ'(x))) where Φ'(x) is the taxonomic
translation of Φ(x).



3 Satisfiability of Quantifier-Free Taxonomic Literals

Every literal in classical first order logic with equality is semantically
equivalent to some quantifier-free taxonomic literal. More specifically, note
that classical terms are a subset of taxonomic class expressions — any class
expression constructed purely from constants and function symbols is
syntactically a term of classical first order logic. For classical terms the
IS relation is semantically identical to equality, so any equation between
classical terms is equivalent to a quantifier-free atomic formula of
taxonomic syntax. However, most non-trivial quantifier-free taxonomic
literals are not equivalent to any classical literal. For example, let P be a
monadic predicate symbol and let f be a monadic function symbol. The pair of
literals (IS P f(P)) and (NOT (IS f(P) P)) is satisfiable. For example, P can
be interpreted as the non-negative integers and f as the function that
subtracts one from its argument. In this case f(P) denotes the set containing
the non-negative integers plus negative one. One can show, however, that this
pair of literals cannot be satisfied by any finite first order structure.
Every satisfiable set of literals in classical first order logic with
equality can be satisfied by some finite structure.

Since quantifier-free taxonomic literals are more expressive than classical
literals, it is not immediately clear whether or not one can efficiently
determine the satisfiability of a set of quantifier-free taxonomic literals.

Taxonomic Quantifier-Free Decidability Theorem: The satisfiability of a set
of quantifier-free taxonomic literals is polynomial time decidable.

There is a well known corresponding theorem for classical first order logic;
the satisfiability of a set of literals in first order logic with equality is
polynomial time decidable. The classical decision procedure is based on the
congruence closure algorithm [Kozen, 1977], [Downey et al., 1980], [Nelson
and Oppen, 1980]. Unfortunately, the taxonomic decision procedure is
significantly more complex than the classical procedure based on congruence
closure. To appreciate the complexity of the taxonomic satisfiability
problem, consider the literals (IS f(P) a), (IS f(Q) b) and (NOT (IS a b))
where P and Q are monadic predicates, f is a monadic function and a and b are
constant symbols. These literals imply that the classes P and Q must be
disjoint: if c, say, was in both P and Q, then f(c) must equal both a and
b, contradicting the third literal. Now suppose we add the literals
(IS c P), (IS g(c) Q), (IS g\P) P) and (IS g^7(Q) Q) where c is a constant
symbol, g is a monadic function symbol, and g^n(s) abbreviates
g(g(... g(s))) with n applications of g. All of these literals taken together
are unsatisfiable. To see this it suffices to observe that, under any
interpretation, g^36(c) must be a member of both P and Q.

Any set of quantifier-free taxonomic literals can be efficiently translated
into an equisatisfiable set of quantifier-free literals that does not contain
existence, determined, or intersection-formulas. More specifically, both
positive and negative literals involving existence, determined, and
intersection-formulas can be replaced by literals involving is-formulas and
new constant and function symbols. For example, the literal
(NOT (INTERSECTS P Q)) can be translated into (IS f(P) a), (IS f(Q) b) and
(NOT (IS a b)). Thus, without loss of generality, one can assume that every
literal involves an is-formula. It turns out that this apparent
simplification, i.e., the elimination of existence, determined, and
intersection-formulas, is not a simplification at all. Our decision procedure
relies on existence, determined, and intersection formulas. The decision
procedure is based on the rules of inference listed in figure 1.

If E is a set of taxonomic literals the notation E ⊢_o Ψ abbreviates the
statement that there exists a derivation of Ψ from E using the above rules
of inference. The notation E ⊢_o F abbreviates the statement that there
exists some formula Ψ such that E ⊢_o Ψ and E ⊢_o (NOT Ψ). It is not
clear that one can quickly determine whether or not E ⊢_o Ψ, or whether
E ⊢_o F. However, one can readily construct a decision procedure for a
seemingly more restricted inference relation. More specifically, the notation
E ⊢ Ψ abbreviates the statement that Ψ can be derived from E using the
above rules such that every class expression appearing in the derivation of Ψ
also appears as a subexpression of some formula in E. The notation E ⊢ F
abbreviates the statement that there exists a formula Ψ such that E ⊢ Ψ and
E ⊢ (NOT Ψ). Section 4 gives a cubic procedure for determining if E ⊢ F.
Section 5 contains a proof that if E is a set of quantifier-free taxonomic
literals, and E ⊬ F, then E is satisfiable. This implies that E ⊢ F if and
only if E ⊢_o F and thus the restricted relation is not really any weaker
than the unrestricted relation.



(1)   (THERE-EXISTS A-Thing)

(2)   (IS s A-Thing)

(3)   (IS s_1 t_1), ... (IS s_n t_n)
      ------------------------------------
      (IS R(s_1, ... s_n) R(t_1, ... t_n))

(4)   (IS r s), (IS s t)
      ------------------
      (IS r t)

(5)   (IS s s)

(6)   (THERE-EXISTS c)

(7)   (DETERMINED c)

(8)   (THERE-EXISTS s_1), ... (THERE-EXISTS s_n)
      ------------------------------------------
      (THERE-EXISTS f(s_1, ... s_n))

(9)   (DETERMINED s_1), ... (DETERMINED s_n)
      --------------------------------------
      (DETERMINED f(s_1, ... s_n))

(10)  (NOT (DETERMINED t))
      --------------------
      (THERE-EXISTS t)

(11)  (THERE-EXISTS R(s_1, ... s_n))
      ------------------------------
      (THERE-EXISTS s_i)

(12)  (THERE-EXISTS r), (IS r t)
      --------------------------
      (THERE-EXISTS t)

(13)  (DETERMINED t), (IS r t)
      ------------------------
      (DETERMINED r)

(14)  (NOT (IS r t))
      ----------------
      (THERE-EXISTS r)

(15)  (THERE-EXISTS r), (IS r s), (IS r t)
      ------------------------------------
      (INTERSECTS s t)

(16)  (INTERSECTS r t), (IS r s)
      --------------------------
      (INTERSECTS s t)

(17)  (INTERSECTS r_1 s_1), ... (INTERSECTS r_n s_n)
      ----------------------------------------------
      (INTERSECTS f(r_1, ... r_n) f(s_1, ... s_n))

(18)  (INTERSECTS r s)
      ----------------
      (INTERSECTS s r)

(19)  (INTERSECTS r s)
      ----------------
      (THERE-EXISTS s)

(20)  (INTERSECTS s t), (DETERMINED s)
      --------------------------------
      (IS s t)

Figure 1: The inference rules for quantifier-free literals. In these rules the
letters s, r, and t range over class expressions, c ranges over constant
symbols, f ranges over function symbols, and R ranges over both function and
predicate symbols.



4 A Satisfiability Decision Procedure 

Let E be a set of quantifier-free taxonomic literals and let T be the set of
class expressions containing all class expressions that appear as
subexpressions of members of E, plus the distinguished class expression
A-Thing. The set T of class expressions can be viewed as a semantic network
where the elements of T are viewed as nodes representing classes. The
decision procedure for determining whether E ⊢ F can be viewed as a
label-propagation process on this network. More specifically, it is possible
to show that if Ψ is a formula not in E, but E ⊢ Ψ, then Ψ must be a label
formula for T as defined below.

Definition: A label formula for a set T of class expressions is
a formula of the form (THERE-EXISTS s), (DETERMINED s), (IS s t), or
(INTERSECTS s t) where s and t are members of T.

Since some of the label formulas involve two members of T, it is perhaps
better to view them as arcs between nodes rather than labels on nodes. It
is possible to determine whether or not E ⊢ F by propagating labels on
the network T. More specifically, one continues to derive new label formulas
until no more such derivations can be made. If T contains n nodes then there
are O(n^2) label formulas. Thus the process of deriving new formulas must
terminate. If this propagation process yields some label formula Ψ such that
E contains (NOT Ψ), then E ⊢ F, otherwise E ⊬ F.

To analyze the running time of the label propagation procedure it is
necessary to specify the procedure in greater detail. In presenting the
details of our decision procedure we assume that all class expressions that
are applications of a relation or function symbol involve at most two
arguments. Expressions involving more than two arguments can be reformulated
in terms of expressions that involve only two arguments and thus there is no
loss of generality in restricting applications to two arguments. More
specifically, if there is a function f of more than two arguments then one
simply introduces a new function symbol g and uniformly replaces every class
expression of the form f(s_1, s_2 ... s_n) with f(s_1, g(s_2 ... s_n)). If
the new function g takes more than two arguments the process can be repeated.
In the worst case this transformation process leads to a linear increase in
the length of expressions.




Our procedure runs on a graph-like data structure where each node represents
an expression in T. This graph-like data structure can be viewed as a
directed acyclic graph (DAG) representation of the class expressions in T.
Each node in this graph is a data structure containing various kinds of
information. The data structure representing a class expression s contains
fields that are updated whenever a formula of the form (THERE-EXISTS s) or
(DETERMINED s) is derived. The data structure representing s also contains a
list of all the nodes t such that the formula (IS s t) has been derived, as
well as a list of all nodes w such that (IS w s) has been derived, and a list
of all nodes u such that (INTERSECTS s u) has been derived. Each time a new
label formula is added the procedure must check to see if this addition can
be propagated to yield further additional label formulas. There is a
propagation procedure for each kind of label formula. For example there is a
propagation procedure that is called when a new formula of the form (IS s t)
is derived and a different procedure that is called when a new formula of the
form (THERE-EXISTS s) is derived.

Each inference rule is implemented by pieces of propagation procedures.
Since there is no way of knowing which antecedent will be derived last, each
antecedent of a given rule corresponds to a piece of one of the propagation
procedures. For example, consider the third rule of the previous section, the
monotonicity rule. For applications involving two arguments, the rule says
that if one can derive (IS s t) and (IS u w), then one can derive
(IS R(s,u) R(t,w)). Each of the two antecedents of this rule corresponds to
a piece of the procedure for propagating new is-formulas. Consider the first
antecedent, (IS s t). When a new formula (IS s t) is derived a certain piece
of the procedure for propagating is-formulas finds all expressions in T of
the form R(s, u). Expressions of the form R(s, u) are stored on a list in the
data structure representing s. For each previously derived formula of the
form (IS u w), a hash table lookup is used to see if the expression R(t, w)
is in T. If so, the formula (IS R(s,u) R(t,w)) is derived and, provided that
this formula has not been previously derived, the is-formula propagation
procedure is called recursively on the new formula. Since there is no way of
knowing which antecedent of the rule will be derived last, there is also a
piece of the procedure for propagating is-formulas that corresponds to the
second antecedent. When a new is-formula (IS u w) is derived, this piece
finds all expressions in T of the form R(s, u) and then for each previously
derived formula (IS s t) looks for the expression R(t, w) in a hash table.
This may lead to the recursive addition of another is-formula. Each of the
other rules can also be implemented with pieces of propagation procedures;
one piece for each antecedent of the rule. Rule 12, for example, can be
implemented as a piece of the procedure for propagating existence formulas
and a piece of the procedure for propagating is-formulas. Rule 17 is
analogous to the monotonicity rule and is implemented by pieces of the
procedure for propagating intersection-formulas. The propagation procedures
are recursive and no queue of outstanding inferences is required.

The total running time of the propagation process is equal to the sum over
all rules of the time spent executing the pieces of the propagation
procedures that correspond to that rule. For example, consider the
monotonicity rule as discussed above. Assuming that hash table lookups take
constant time, the time spent executing the monotonicity pieces of the
is-formula propagation procedure is bounded by some constant times the total
number of hash table lookups performed by these pieces. It is possible to
show that for each term R(s, u) in T, and each pair of derived is-formulas of
the form (IS s t) and (IS u w), there is exactly one hash table lookup
performed by the monotonicity pieces of the is-formula propagation procedure;
at the point where both is-formulas are derived the expression R(t, w) will
be looked up in the hash table. For a fixed expression R(s, u) in T, the
propagation process can derive at most n^2 pairs of is-formulas of the form
(IS s t) and (IS u w). Therefore, there are at most n^3 hash table lookups
performed in the monotonicity pieces of the is-formula propagation procedure.

Assuming that no application expression has more than two arguments,
each rule can be implemented so that at most O(n^3) time is spent in the
pieces of the propagation procedures that correspond to that rule (where n
is the number of class expressions in T). Thus, if applications involve at
most two arguments, the total time spent in the propagation process is at
most O(n^3).
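
As an added illustration (not code from the paper), the following Python
program computes the restricted inference relation of Section 3 by naive
fixed-point iteration over the rules of Figure 1, rather than by the
incremental cubic procedure described above. The tuple encoding of formulas,
the function names, and the last sample set, a variant of the Section 3
example whose exponents 2 and 3 are chosen here, are assumptions of the
example.

```python
A_THING = "A-Thing"

def subexpressions(e, acc):
    """Collect e and its subexpressions; applications are tuples (head, arg, ...)."""
    acc.add(e)
    if isinstance(e, tuple):
        for arg in e[1:]:
            subexpressions(arg, acc)
    return acc

def closure(literals, constants=(), functions=()):
    """Label formulas derivable by rules 1-20 using only class expressions in T."""
    T = {A_THING}
    for lit in literals:
        atom = lit[1] if lit[0] == "NOT" else lit
        for e in atom[1:]:
            subexpressions(e, T)
    apps = [e for e in T if isinstance(e, tuple)]
    facts = {("THERE-EXISTS", A_THING)}                          # rule 1
    for s in T:
        facts |= {("IS", s, A_THING), ("IS", s, s)}              # rules 2, 5
        if s in constants:
            facts |= {("THERE-EXISTS", s), ("DETERMINED", s)}    # rules 6, 7
    for lit in literals:
        if lit[0] != "NOT":
            facts.add(lit)
        elif lit[1][0] in ("IS", "DETERMINED"):
            facts.add(("THERE-EXISTS", lit[1][1]))               # rules 14, 10
    while True:
        is_ = {f[1:] for f in facts if f[0] == "IS"}
        inter = {f[1:] for f in facts if f[0] == "INTERSECTS"}
        ex = {f[1] for f in facts if f[0] == "THERE-EXISTS"}
        det = {f[1] for f in facts if f[0] == "DETERMINED"}
        new = set()
        for r, s in is_:
            if r in ex:
                new.add(("THERE-EXISTS", s))                     # rule 12
            if s in det:
                new.add(("DETERMINED", r))                       # rule 13
            for r2, t in is_:
                if r2 == s:
                    new.add(("IS", r, t))                        # rule 4
                if r2 == r and r in ex:
                    new.add(("INTERSECTS", s, t))                # rule 15
            for r2, t in inter:
                if r2 == r:
                    new.add(("INTERSECTS", s, t))                # rule 16
        for s, t in inter:
            new |= {("INTERSECTS", t, s), ("THERE-EXISTS", t)}   # rules 18, 19
            if s in det:
                new.add(("IS", s, t))                            # rule 20
        for e in apps:
            head, args = e[0], e[1:]
            if e in ex:
                new |= {("THERE-EXISTS", a) for a in args}       # rule 11
            if head in functions and all(a in ex for a in args):
                new.add(("THERE-EXISTS", e))                     # rule 8
            if head in functions and all(a in det for a in args):
                new.add(("DETERMINED", e))                       # rule 9
            for e2 in apps:
                if e2[0] != head or len(e2) != len(e):
                    continue
                pairs = list(zip(args, e2[1:]))
                if all(p in is_ for p in pairs):
                    new.add(("IS", e, e2))                       # rule 3
                if head in functions and all(p in inter for p in pairs):
                    new.add(("INTERSECTS", e, e2))               # rule 17
        if new <= facts:            # nothing new: fixed point reached
            return facts
        facts |= new

def refuted(literals, constants=(), functions=()):
    """True when propagation derives some Psi with (NOT Psi) among the literals."""
    facts = closure(literals, constants, functions)
    return any(lit[0] == "NOT" and lit[1] in facts for lit in literals)

# Sample literal sets. P, Q: monadic predicates; f, g: functions; a, b, c: constants.
fP, fQ = ("f", "P"), ("f", "Q")
INFINITE_ONLY = [("IS", "P", fP), ("NOT", ("IS", fP, "P"))]
DISJOINT = [("IS", fP, "a"), ("IS", fQ, "b"), ("NOT", ("IS", "a", "b"))]
# Constructed variant of the chain example, with exponents 2 and 3 chosen here.
CHAIN = DISJOINT + [("IS", "c", "P"), ("IS", ("g", "c"), "Q"),
                    ("IS", ("g", ("g", "P")), "P"),
                    ("IS", ("g", ("g", ("g", "Q"))), "Q")]
SYMS = dict(constants={"a", "b", "c"}, functions={"f", "g"})

if __name__ == "__main__":
    print(refuted(INFINITE_ONLY, **SYMS))
    print(refuted(DISJOINT, **SYMS))
    print(refuted(DISJOINT + [("INTERSECTS", "P", "Q")], **SYMS))
    print(refuted(CHAIN, **SYMS))
```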

5 Correctness of the Decision Procedure

Suppose that E is a set of quantifier-free taxonomic literals. This section
summarizes a proof that if E ⊬ F then E is satisfiable and thus the procedure
of the previous section can determine the satisfiability of E.² The proof is
based on a method for constructing a model of E from the set of label
formulas Ψ such that E ⊢ Ψ. As pointed out earlier, it is possible that E is
satisfiable and yet there are no finite models of E. Thus, the method of
constructing a model of E must be capable of yielding infinite models.
However, the structure of the model is somehow completely characterized by
the finite set of label formulas Ψ such that E ⊢ Ψ.

Let T be the set of class expressions containing all class expressions
appearing as subexpressions of formulas in E plus the distinguished class
symbol A-Thing. The domain elements in any interpretation of E can be
classified into types depending on their relationships with the class
expressions in T. More specifically, if d is a domain element of a model of
E, then the T-type of d is defined to be the set of class expressions s in T
such that d is contained in the set denoted by s. If we view the class
expressions in T as predicates, then the T-type of d is the set of class
expressions that are true of d. More generally, a T-type is defined to be any
subset of the class expressions in T. If there are n class expressions in T,
then there are 2^n different T-types. We say that a T-type r is inhabited in
a particular model of E if there exists some domain element d of that model
whose T-type is r. Of course, there can be models in which many of the
T-types are not inhabited.

The model we construct will have the property that existence formulas
and intersection formulas that are not derivable by label propagation will be
false in the model. This condition places constraints on the T-types that
can be inhabited in our model. The types consistent with these constraints
are said to be E-inhabitable. More specifically, an E-inhabitable T-type is a
T-type r such that

• r contains the type A-Thing,

• E ⊢ (THERE-EXISTS s) for every s in r,

• if s is in r and E ⊢ (IS s w) then w is in r,

• and for all s and w in r, E ⊢ (INTERSECTS s w).

² We have found two different proofs of this result: one presented in this
section and another proof based on a syntactic proof that ⊢ is the same as
⊢_o plus a semantic proof that ⊢_o is complete for the detection of
unsatisfiability. The syntactic proof that ⊢ is the same as ⊢_o is somewhat
complex but similar to the proof given in section 7. The proof that ⊢_o is
semantically complete for detecting the unsatisfiability of quantifier-free
taxonomic literals is considerably simpler than the direct semantic proof for
⊢ given here.

Note that the singleton type {A-Thing} is always E-inhabitable. If s is a
class expression such that E ⊢ (THERE-EXISTS s), then s* is defined to be
the T-type consisting of all class expressions w such that E ⊢ (IS s w).
Inference rule 5 guarantees that s* contains s and inference rules 2, 12, 4,
and 15 guarantee that s* satisfies the four requirements respectively in the
definition of an E-inhabitable T-type and thus s* is always E-inhabitable. If
s is a class expression (possibly outside of T) such that
E ⊬ (THERE-EXISTS s) then s* is defined to be the singleton type {A-Thing}.

A class expression s in T will be called E-atomic if E ⊢ (THERE-EXISTS s)
and E ⊢ (DETERMINED s). Note that if s is an E-atomic class expression then
the type s* contains s. Furthermore, one can show that if s is E-atomic then
s* is the only E-inhabitable T-type that contains s. More specifically,
consider an E-inhabitable type r that contains s. The definition of
E-inhabitability ensures that s* is a subset of r. To show that r is a subset
of s*, consider a class expression t in r. The definition of E-inhabitable
ensures that E ⊢ (INTERSECTS s t). But inference rule 20 then ensures that
E ⊢ (IS s t) and thus t is an element of s*. Thus any E-atomic class
expression in T is contained in exactly one E-inhabitable T-type. A T-type r
will be called E-atomic if it is of the form s* for some E-atomic class
expression s. Note that an E-inhabitable type r is E-atomic if and only if r
contains a class expression s such that E ⊢ (DETERMINED s), in which case r
equals s*.

It is tempting to define the semantic domain of the desired model of
E to be the set of E-inhabitable types. Unfortunately, this does not allow
for infinite domains and E may not have finite models. The need for infinite
domains arises from the need to include "predecessors". If the type r
contains a class expression of the form f(s) where f is a function symbol,
then any domain element d that inhabits the type r must be a member of the
class denoted by f(s) and thus there must be some predecessor domain element
d' in the class denoted by s such that f(d') equals d. If E ⊢ (IS s f(s))
then the need to include a predecessor for each element of s may force an
infinite domain.

An infinite domain can be constructed by taking the domain elements to
be pairs of the form <r, a> where r is an E-inhabitable T-type and a is an
expression that specifies the role played by the domain element. More
specifically, the domain D is defined inductively as follows. Every
E-inhabitable type must have at least one inhabitant in the model. Thus, for
every E-inhabitable type r, D contains the pair <r, 0>. If r is E-inhabitable
but not E-atomic then we require that D contain at least two inhabitants of
r; we specify that D contains the pair <r, 1> as well as the pair <r, 0>.
Finally, if D contains the pair <r, a>, and r contains a class expression of
the form f(s_1 ... s_n), where some s_j is not E-atomic, then D contains the
"predecessor" pair <s_i*, f(s_1 ... s_n) ↦ <r, a>> where s_i is the first
class expression among s_1 ... s_n such that s_i* is not E-atomic.

There are several things worth noting about the semantic domain D.
First, note that if r is an E-atomic type then the definition of D directly
guarantees that <r, 0> is the only pair in D whose first component is the
type r. Second, note that all elements of D are either of the form <r, 0>,
<r, 1> or <s_j*, f(s_1 ... s_n) ↦ <r, a>> where f(s_1 ... s_n) is a member of
the type r. Finally, note that D can be infinite. More specifically, if s is
a class expression in T such that E ⊢ (THERE-EXISTS s), but s is not
E-atomic, and E ⊢ (IS s f(s)) for some function symbol f, then for each pair
<s*, a> in the semantic domain D, the domain D will contain a "predecessor"
pair <s*, f(s) ↦ <s*, a>>.

To complete the specification of the model of $\Sigma$ we must give the
interpretation of the constant, function, and predicate symbols. A constant
c is interpreted to be the pair $\langle c^*, 0 \rangle$. A monadic predicate symbol P is
interpreted to be the set of all pairs $\langle \tau, \alpha \rangle$ where the type $\tau$
contains the symbol P. A k-ary predicate symbol R is interpreted as the set of
tuples $\langle \langle s_1^*, 0 \rangle, \ldots, \langle s_{k-1}^*, 0 \rangle, \langle \tau, \alpha \rangle \rangle$ such that $\tau$
contains the class expression $R(s_1, \ldots, s_{k-1})$. Finally, consider applying
the function denoted by the symbol f to the arguments
$\langle \langle \tau_1, \alpha_1 \rangle, \ldots, \langle \tau_k, \alpha_k \rangle \rangle$. We will say that a particular
argument $\langle \tau_i, \alpha_i \rangle$ determines f on the arguments
$\langle \langle \tau_1, \alpha_1 \rangle, \ldots, \langle \tau_k, \alpha_k \rangle \rangle$ if $\langle \tau_i, \alpha_i \rangle$ is of the
form $\langle s_i^*, f(s_1, \ldots, s_n) \mapsto \langle \sigma, \beta \rangle \rangle$ where for each $s_j$, the
type $s_j^*$ equals the type $\tau_j$. The definition of D implies that if
$\langle \tau_i, \alpha_i \rangle$ determines f on $\langle \langle \tau_1, \alpha_1 \rangle, \ldots, \langle \tau_k, \alpha_k \rangle \rangle$,
then $\tau_i$, which is equal to $s_i^*$, must be the first type in the sequence
$\tau_1, \ldots, \tau_n$ that is not $\Sigma$-atomic. This implies that there can be at
most one argument $\langle \tau_i, \alpha_i \rangle$ that determines f on the tuple
$\langle \langle \tau_1, \alpha_1 \rangle, \ldots, \langle \tau_k, \alpha_k \rangle \rangle$. If such an argument exists, we
define the value of f on this tuple of arguments to be the pair
$\langle \sigma, \beta \rangle$ given by the distinguished argument. If there does not exist
such an argument, then the value of f on these pairs equals $\langle \sigma, 0 \rangle$
where $\sigma$ is the union of all types of the form $f(s_1, \ldots, s_k)^*$ where each
$s_j$ is a member of the type $\tau_j$. The rules of obviousness for
intersection-formulas ensure that $\sigma$ is a $\Sigma$-inhabitable $\Upsilon$-type.

Given the rules of inference listed in section 3 it is possible to prove that
under this semantic interpretation the $\Upsilon$-type of a pair $\langle \tau, \alpha \rangle$ is,
in fact, the type $\tau$. This is equivalent to the statement that for any class
expression s in $\Upsilon$, the set denoted by s under this interpretation contains
a pair $\langle \tau, \alpha \rangle$ if and only if $\tau$ contains s. This latter statement can
be proven by structural induction on the class expression s. Consider a
constant symbol c in $\Upsilon$. First we show that if $\langle \tau, \alpha \rangle$ is in the class
denoted by c then c is a member of $\tau$. The constant c denotes the singleton
class containing the pair $\langle c^*, 0 \rangle$. Inference rule 6 guarantees that
$\Sigma \Vdash$ (THERE-EXISTS c) and therefore $c^*$ contains c. Next we suppose that c
is a member of a $\Sigma$-inhabitable type $\tau$ and show that any pair of the form
$\langle \tau, \alpha \rangle$ is contained in the class denoted by c. Inference rules 6 and 7
guarantee that c is $\Sigma$-atomic and therefore $c^*$ is the only $\Sigma$-inhabitable
type that contains c. Thus $\tau$ must be $c^*$. Furthermore, the type $c^*$ is
$\Sigma$-atomic and therefore the only domain element whose first component is
$c^*$ is the pair $\langle c^*, 0 \rangle$. Now consider a monadic class expression P in
$\Upsilon$. The class denoted by P is the set of pairs $\langle \tau, \alpha \rangle$ such that
$\tau$ contains P so the result follows by definition. Applications of
relations and functions are somewhat more complex. For application class
expressions the result is proven using properties provided by the inference
rules together with the assumption that the statement holds on the
subexpressions of the application in question. Most of the cases are not given
here, but one particular case is worth noting. Suppose that $f(s_1, \ldots, s_n)$ is
a member of the type $\sigma$. In this case we must show that all pairs of the
form $\langle \sigma, \alpha \rangle$ are members of the class denoted by $f(s_1, \ldots, s_n)$.
There are two subcases. First, suppose that each class expression $s_i$ is
$\Sigma$-atomic. Since each $s_i$ is $\Sigma$-atomic, inference rules 8 and 9 guarantee
that $f(s_1, \ldots, s_n)$ is also $\Sigma$-atomic. Since $f(s_1, \ldots, s_n)$ is both
$\Sigma$-atomic and a member of the type $\sigma$, $\sigma$ must be the type
$f(s_1, \ldots, s_n)^*$ and $\alpha$ must be 0. To show that $\langle \sigma, \alpha \rangle$ is a
member of the class denoted by $f(s_1, \ldots, s_n)$ it now suffices to show that
the class denoted by $f(s_1, \ldots, s_n)$ contains the pair
$\langle f(s_1, \ldots, s_n)^*, 0 \rangle$. Since each $s_i$ is $\Sigma$-atomic, each expression
$s_i$ denotes the class containing the single pair $\langle s_i^*, 0 \rangle$. The semantic
definition of f specifies that in this case the value of the expression
$f(s_1, \ldots, s_n)$ is the pair $\langle \tau, 0 \rangle$ where $\tau$ is the union of all types
of the form $f(t_1, \ldots, t_n)^*$ where $t_i$ is a member of $s_i^*$ for each $t_i$.
But the type $f(s_1, \ldots, s_n)^*$ is included in this union and thus $\tau$
contains the class $f(s_1, \ldots, s_n)^*$. Since $f(s_1, \ldots, s_n)$ is $\Sigma$-atomic,
this implies that $\tau$ equals $f(s_1, \ldots, s_n)^*$ so the result holds. Returning
to the second subcase, suppose that $f(s_1, \ldots, s_n)$ is a member of $\sigma$ but
that there exists some $s_i$ that is not $\Sigma$-atomic. Let $s_i$ be the first such
non-$\Sigma$-atomic argument. The definition of D guarantees that D contains a
pair $\langle s_i^*, f(s_1, \ldots, s_n) \mapsto \langle \sigma, \alpha \rangle \rangle$. Since $\sigma$ contains
$f(s_1, \ldots, s_n)$, $\Sigma \Vdash$ (THERE-EXISTS $f(s_1, \ldots, s_n)$). Inference rule 11
guarantees that $\Sigma \Vdash$ (THERE-EXISTS $s_j$) for each $s_j$. Therefore $s_j^*$
contains $s_j$ for each type $s_j^*$. By the induction hypothesis, the pairs
$\langle s_1^*, 0 \rangle, \ldots, \langle s_i^*, f(s_1, \ldots, s_n) \mapsto \langle \sigma, \alpha \rangle \rangle, \ldots, \langle s_n^*, 0 \rangle$
are members of the classes denoted by $s_1, \ldots, s_n$ respectively. But the
semantic interpretation of the function f guarantees that f applied to these
arguments yields the pair $\langle \sigma, \alpha \rangle$ and thus the pair $\langle \sigma, \alpha \rangle$ is
a member of the class denoted by $f(s_1, \ldots, s_n)$.

Given that the $\Upsilon$-type of $\langle \tau, \alpha \rangle$ is the type $\tau$, i.e., that
$\langle \tau, \alpha \rangle$ is a member of the class denoted by s if and only if s is a
member of $\tau$, the definition of a $\Sigma$-inhabitable $\Upsilon$-type implies several
"default properties" of the semantic interpretation. More specifically, for
any class expression s in $\Upsilon$, if $\Sigma \nVdash$ (THERE-EXISTS s) then s denotes
the empty set. Similarly, for any two class expressions s and t in $\Upsilon$, if
$\Sigma \nVdash$ (INTERSECTS s t) then the sets denoted by s and t are disjoint.
Finally, if s is a class expression such that $\Sigma \Vdash$ (THERE-EXISTS s), then
if $\Sigma \nVdash$ (DETERMINED s) then s denotes a set with more than one element,
and if t is in $\Upsilon$ and $\Sigma \nVdash$ (IS s t) then the set denoted by s is not a
subset of the set denoted by t. These default properties, together with
inference rules 10 and 14, ensure that this semantic interpretation is a
model of $\Sigma$.

6 Extended Rules of Obviousness

To compare taxonomic and classical syntax more directly, we define two 
high-level proof systems: one based on classical syntax and one based on 
taxonomic syntax. The system based on taxonomic syntax is constructed 
from a modification of the decision procedure discussed in section 4. Section 8 
defines the high-level proof system based on taxonomic syntax. Given the 
specification for the taxonomic high-level proof system, the adaptation of 
that system to classical syntax is presented in section 10. 

The first step in defining the high-level proof system is to define a tech- 
nical notion of an obviously true statement. The obviously true statements 
are defined by certain rules of obviousness. Each rule of obviousness states 
that if certain antecedent facts are obvious then a certain conclusion is also 
obvious. The rules of obviousness contain many, but not all, of the inference 
rules needed for a complete inference system for first order taxonomic for- 
mulas. The rules of obviousness include all of the rules of section 3 together 
with certain additional rules specified in this section. These additional rules
involve a set of variables $\mathcal{F}$ called the focus set. We write
$\Sigma, \mathcal{F} \vdash_o \Psi$ if there exists a derivation of $\Psi$ from the formulas in
$\Sigma$ using the extended rules of obviousness with focus set $\mathcal{F}$. The
notation $\Sigma, \mathcal{F} \vdash_o$ F is analogous to the notation $\Sigma \vdash_o$ F used above.

In taxonomic syntax there are no explicit quantifiers in formulas; all taxo- 
nomic formulas are either atomic formulas or Boolean combinations of atomic 
formulas. Since there are no quantified formulas, no rules of obviousness are 
needed for quantified formulas. Class expressions, on the other hand, can 
involve quantifiers. Figure 2 gives rules of obviousness for such-that class
expressions. Intuitively, the rules of obviousness for such-that expressions only
allow the such-that quantifier to be instantiated with focus objects. The re- 
striction of the instantiation of quantifiers to focus objects makes it possible 
to write a procedure for determining obviousness. 

(21)  (IS (s x S.T. $\Phi(x)$) s)

(22)  (IS y s), $\Phi(y)$
      ----------------------------------------
      (IS y (s x S.T. $\Phi(x)$))

(23)  (IS y (s x S.T. $\Phi(x)$))
      ----------------------------------------
      $\Phi(y)$

(24)  (IS $z_1$ $y_1$) ... (IS $z_n$ $y_n$), $\Phi(y_1, \ldots, y_n)$
      ----------------------------------------
      $\Phi(z_1, \ldots, z_n)$

Figure 2: The inference rules for such-that class expressions. The variables y,
$y_i$, and $z_i$ must be members of the focus set $\mathcal{F}$.$^4$

Rule 24 can be derived from rules 22 and 23. For example, suppose y
and z are focus objects such that one can derive (IS z y) and $\Phi(y)$. In this
case rule 22 allows one to derive (IS y (A-Thing x S.T. $\Phi(x)$)). By transitivity
one can derive (IS z (A-Thing x S.T. $\Phi(x)$)). Finally, by rule 23 one can derive
$\Phi(z)$. Thus, it would appear that rule 24 is unnecessary. However, rule 24
is needed in constructing a decision procedure for the extended rules. More
specifically, the decision procedure uses label propagation on a finite network.
Rule 24 allows certain inferences on the finite network that would otherwise
not be performed unless the network were extended to include additional
such-that class expressions.

In addition to the above rules for such-that expressions, the extended 
rules of obviousness include rules for Boolean connectives. We assume that 
all Boolean formulas are constructed using the connectives OR and NOT. The 
rules of obviousness for Boolean formulas are listed in figure 3. 

Inference rules 25 through 31 are not complete for Boolean inference. For 
example, rules 25 through 31 cannot be used to deduce $\Psi$ from (OR $\Phi$ $\Psi$) and
(OR (NOT $\Phi$) $\Psi$). Intuitively, the rules do not allow for case analysis. The rules
are designed so that the inference relation generated by the rules is both 
reasonably powerful and quickly decidable. 

Note that rule 31 can be derived from rules 25 and 28. More specifically,
suppose that one can derive both $\Psi$ and (NOT $\Psi$). In this case, rule 25 allows
one to derive (OR $\Psi$ $\Phi$). Rule 28 then allows one to derive $\Phi$. Thus it would
appear that rule 31 is not needed. However, the decision procedure for the
inference relation is implemented as label propagation on a finite network.
Inference rule 31 allows for the derivation of labels that would not otherwise be
derivable unless the network were expanded to include certain disjunctions.
In practice, of course, the propagation process can be terminated whenever
a contradiction is discovered.

4 We use the notation $\Phi(y_1, \ldots, y_n)$ as an abbreviation for
$\Phi[y_1/w_1, \ldots, y_n/w_n]$, i.e., the simultaneous substitution of $y_i$ for all
free occurrences of $w_i$ in the expression $\Phi$ with appropriate renaming of
bound variables. Note that in rule (24) both $y_i$ and $w_i$ may occur free in
$\Phi$ and so the expression $\Phi(z_1, \ldots, z_n)$ may include $y_i$ as a free variable.

Figure 3: Rules of Obviousness for Boolean formulas.

Before giving a label-propagation decision procedure for these rules, some 
additional terminology is needed. In the following definitions $\Sigma$ is taken to
be a fixed but arbitrary set of formulas, $\mathcal{F}$ is a fixed but arbitrary set of
variables (called focus objects), and $\Psi$ is a fixed but arbitrary formula.

Definition: An extended label formula for a set $\Upsilon$ of expressions
is either a formula that is a member of $\Upsilon$, the negation
of a formula that is a member of $\Upsilon$, or a formula of the form
(THERE-EXISTS s), (DETERMINED s), (IS s t), or (INTERSECTS s t) where
s and t are class expressions that are members of $\Upsilon$.

Definition: A set of expressions $\Upsilon$ (containing both class
expressions and formulas) is said to be closed over $\Sigma$, $\mathcal{F}$ and $\Psi$
if

• $\Upsilon$ contains A-Thing,

• $\Upsilon$ contains $\Psi$ plus every member of $\Sigma$ and $\mathcal{F}$,

• every subexpression of every member of $\Upsilon$ is also a member
of $\Upsilon$,

• and for every such-that class expression (s x S.T. $\Phi(x)$) in $\Upsilon$,
and every variable y in $\mathcal{F}$, the formula $\Phi(y)$ is also in $\Upsilon$.

Definition: For any set of expressions $\Upsilon$ we write
$\Sigma, \mathcal{F} \Vdash_{\Upsilon} \Psi$ if there exists a derivation of $\Psi$ using the extended
rules of obviousness such that every formula in that derivation is an
extended label formula of $\Upsilon$.

Definition: We write $\Sigma, \mathcal{F} \Vdash \Psi$ if $\Sigma, \mathcal{F} \Vdash_{\Upsilon} \Psi$ where $\Upsilon$ is
the least set of expressions closed over $\Sigma$, $\mathcal{F}$, and $\Psi$.

It is possible to show that, as long as $\Sigma$ and $\mathcal{F}$ are finite, the least set
of expressions closed over $\Sigma$, $\mathcal{F}$ and $\Psi$ is also finite. More specifically,
the number of expressions in the least set closed over $\Sigma$, $\mathcal{F}$, and $\Psi$ is
no larger than $1 + |\mathcal{F}| + [\Gamma] + [\Gamma]|\mathcal{F}|^Q$ where $\Gamma$ is the set
$\Sigma \cup \{\Psi\}$, $[\Gamma]$ is the number of expressions that are either members of
$\Gamma$ or appear in members of $\Gamma$, $|\mathcal{F}|$ is the number of elements of
$\mathcal{F}$, and Q is the maximum level of quantifier nesting that appears in
$\Gamma$. In practice the level of quantifier nesting remains small (three or four)
and the size of the least set closed over $\Sigma$, $\mathcal{F}$ and $\Psi$ is usually much
smaller than this worst-case bound. Note that if an upper bound is placed
on both the number of focus objects and the maximum level of quantifier
nesting, then the size of the least set closed over $\Sigma$, $\mathcal{F}$ and $\Psi$ remains
linear in the size of $\Sigma \cup \{\Psi\}$.
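
The closure conditions and the size bound above can be exercised directly. The following is an added example, not code from the paper: it computes the least closed set by a worklist fixpoint and compares its size with the stated bound for a formula of quantifier nesting 2. The tuple encoding, the function names and the sample formulas are assumptions of the example, and focus variables are assumed distinct from bound variables so that no renaming is needed.

```python
# Assumed encoding (constructed for this example, not the paper's notation):
#   "x"                            variable, constant or monadic predicate symbol
#   ("IS", s, t), ("NOT", p), ...  formula: operator followed by its arguments
#   ("app", "f", s1, ..., sn)      application class expression f(s1, ..., sn)
#   ("such-that", s, x, body)      the class expression (s x S.T. body)


def children(expr):
    """Immediate subexpressions of expr."""
    if isinstance(expr, str):
        return ()
    if expr[0] == "such-that":
        return (expr[1], expr[3])   # class and body; x is reached through the body
    if expr[0] == "app":
        return expr[2:]             # skip the function or relation symbol
    return expr[1:]


def substitute(expr, var, repl):
    """Replace the free occurrences of var in expr by repl."""
    if isinstance(expr, str):
        return repl if expr == var else expr
    if expr[0] == "such-that":
        _, cls, bound, body = expr
        if bound != var:            # otherwise var is rebound inside the body
            body = substitute(body, var, repl)
        return ("such-that", substitute(cls, var, repl), bound, body)
    keep = 2 if expr[0] == "app" else 1
    return expr[:keep] + tuple(substitute(a, var, repl) for a in expr[keep:])


def bound_variables(expr):
    """Variables bound by some such-that expression inside expr."""
    if isinstance(expr, str):
        return set()
    found = {expr[2]} if expr[0] == "such-that" else set()
    for child in children(expr):
        found |= bound_variables(child)
    return found


def nesting(expr):
    """Maximum depth of nested such-that quantifiers in expr."""
    if isinstance(expr, str):
        return 0
    inner = max((nesting(c) for c in children(expr)), default=0)
    return inner + (1 if expr[0] == "such-that" else 0)


def least_closed_set(sigma, focus, psi):
    """Least set of expressions closed over sigma, focus and psi."""
    seeds = ["A-Thing", psi, *sigma, *focus]
    if any(bound_variables(e) & set(focus) for e in seeds):
        raise ValueError("a focus variable is also bound; rename it first")
    closed, work = set(), list(seeds)
    while work:
        expr = work.pop()
        if expr in closed:
            continue
        closed.add(expr)
        work.extend(children(expr))             # subexpression closure
        if not isinstance(expr, str) and expr[0] == "such-that":
            _, _, bound, body = expr            # instantiate on focus objects only
            work.extend(substitute(body, bound, y) for y in focus)
    return closed


def size_bound(sigma, focus, psi):
    """The bound 1 + |F| + [G] + [G]|F|^Q, with G = sigma plus psi."""
    gamma = [*sigma, psi]
    seen, work = set(), list(gamma)
    while work:                                 # [G]: expressions occurring in G
        expr = work.pop()
        if expr not in seen:
            seen.add(expr)
            work.extend(children(expr))
    depth = max(nesting(e) for e in gamma)
    return 1 + len(focus) + len(seen) + len(seen) * len(focus) ** depth


# Constructed sample: psi says that some x is a P-thing z with (IS z x).
INNER = ("such-that", "P", "z", ("IS", "z", "x"))
OUTER = ("such-that", "A-Thing", "x", ("IS", "x", INNER))
PSI = ("THERE-EXISTS", OUTER)
SIGMA = [("IS", "c", "P")]


def closure_sizes(max_focus):
    """(number of focus objects, closure size, bound) for 0..max_focus."""
    rows = []
    for n in range(max_focus + 1):
        focus = [f"y{i}" for i in range(1, n + 1)]
        closed = least_closed_set(SIGMA, focus, PSI)
        rows.append((n, len(closed), size_bound(SIGMA, focus, PSI)))
    return rows


if __name__ == "__main__":
    for row in closure_sizes(3):
        print(row)
```

With the nesting depth fixed at 2, the closure grows quadratically in the number of focus objects, which is the behaviour the bound predicts.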

For any finite set $\Upsilon$ one can determine whether or not
$\Sigma, \mathcal{F} \Vdash_{\Upsilon} \Psi$ using a label propagation procedure on a network
representing the set $\Upsilon$. Unlike the network described in section 4, the
network used for the extended rules of inference contains nodes that represent
formulas as well as nodes that represent class expressions. A data structure
that represents a formula must be updated whenever that formula is derived
using the rules of obviousness, and updated in a different way whenever the
negation of the formula is derived. An analysis similar to that given in
section 4 shows that the propagation process can be implemented in a way that
requires at most $O(n^3)$ time where n is the number of expressions in $\Upsilon$,
assuming that hash table lookups take constant time. As discussed in section 4,
there is no loss of generality in assuming that applications involve at most
two arguments.

We have not yet ruled out the possibility that the unbounded inference
relation $\vdash_o$ may be more powerful than the inference relation $\Vdash$ defined
by the bounded label-propagation mechanism, i.e., it seems possible that
$\Sigma, \mathcal{F} \vdash_o \Psi$ and yet $\Sigma, \mathcal{F} \nVdash \Psi$. It turns out, however, that the
bounded relation is as powerful as the unbounded relation and thus the
decision procedure for the bounded relation is also a decision procedure for
the unbounded relation. The proof of this fact is presented in the following
section.



7 Correctness of the Extended Decision Procedure

The claim that for finite $\Sigma$ and $\mathcal{F}$ one can determine whether or not
$\Sigma, \mathcal{F} \vdash_o \Psi$ rests on the claim that the relation $\vdash_o$ is the same as
the restricted relation $\Vdash$. Since both of these relations are semantically
sound, and $\Vdash$ is clearly a subrelation of $\vdash_o$, it would be sufficient to
show that $\Vdash$ is semantically complete. Unfortunately, neither $\Vdash$ nor
$\vdash_o$ is semantically complete; the semantic entailment relation for full
taxonomic syntax is undecidable. Since no purely semantic proof is possible,
we give a syntactic proof that $\Vdash$ is the same as $\vdash_o$.

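Suppose that $\Sigma, \mathcal{F} \nVdash \Psi$. By the definition of $\Vdash$, this implies that
$\Sigma, \mathcal{F} \nVdash_{\Upsilon} \Psi$ where $\Upsilon$ is the least set closed over $\Sigma$,
$\mathcal{F}$ and $\Psi$. To prove that $\Sigma, \mathcal{F} \nvdash_o \Psi$, it suffices to prove that
$\Sigma, \mathcal{F} \nVdash_{\Upsilon'} \Psi$ for any finite extension $\Upsilon'$ of $\Upsilon$. This can
be established by expanding $\Upsilon$ one expression at a time.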

Definition: A one step $\mathcal{F}$-extension of a set $\Upsilon$ is an expression
$\alpha$ that is either

• a monadic predicate symbol,

• a constant symbol,

• a variable,

• an atomic formula that is a label formula of $\Upsilon$,

• the negation of a formula in $\Upsilon$,

• a disjunction of two formulas in $\Upsilon$,

• an application $R(s_1, \ldots, s_n)$ where R is either a relation or
function symbol and each $s_i$ is a class expression in $\Upsilon$,

• a such-that expression (s x S.T. $\Phi(x)$) where s, x, and $\Phi(x)$
are all members of $\Upsilon$ and for each y in $\mathcal{F}$, $\Phi(y)$ is a member
of $\Upsilon$.



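If $\Upsilon$ is closed over $\Sigma$, $\mathcal{F}$ and $\Psi$, and $\alpha$ is a one step
$\mathcal{F}$-extension of $\Upsilon$, then $\Upsilon \cup \{\alpha\}$ is also closed over
$\Sigma$, $\mathcal{F}$, and $\Psi$. Furthermore, as long as the focus set $\mathcal{F}$ is
finite, the set $\Upsilon$ can be extended by a series of one step
$\mathcal{F}$-extensions to include any desired expression.$^5$ Thus, it suffices
to prove that if $\Sigma, \mathcal{F} \nVdash_{\Upsilon} \Psi$ where $\Upsilon$ is closed over $\Sigma$,
$\mathcal{F}$, and $\Psi$, and $\alpha$ is any one step $\mathcal{F}$-extension of $\Upsilon$
then $\Sigma, \mathcal{F} \nVdash_{\Upsilon \cup \{\alpha\}} \Psi$.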

Now consider an arbitrary set $\Upsilon$ that is closed over $\Sigma$, $\mathcal{F}$, and
$\Psi$ such that $\Sigma, \mathcal{F} \nVdash_{\Upsilon} \Psi$, let $\alpha$ be a one step
$\mathcal{F}$-extension of $\Upsilon$, and let $\Upsilon'$ be the set $\Upsilon \cup \{\alpha\}$.
We must prove that $\Sigma, \mathcal{F} \nVdash_{\Upsilon'} \Psi$. For the purposes of this
proof we define a new label formula to be an extended label formula of
$\Upsilon'$ that is not an extended label formula of $\Upsilon$. The label formulas
of $\Upsilon$ will be called old label formulas. We say that an old label formula
$\Theta$ was already derivable if $\Sigma, \mathcal{F} \Vdash_{\Upsilon} \Theta$. We say that an
extended label formula $\Theta$ of $\Upsilon'$, either new or old, is newly derived
if $\Theta$ was not already derivable and $\Sigma, \mathcal{F} \Vdash_{\Upsilon'} \Theta$. Since
$\Upsilon$ is closed over $\Sigma$, $\mathcal{F}$, and $\Psi$, the formula $\Psi$ must be a
member of $\Upsilon$ and thus $\Psi$ is an old label formula. To show that
$\Sigma, \mathcal{F} \nVdash_{\Upsilon'} \Psi$, it suffices to prove that no old label formula is
newly derived, or equivalently, that every newly derived formula is a new
label formula.

5 Although we are only interested in the case where $\mathcal{F}$ is finite, the
relations $\vdash_o$ and $\Vdash$ are well defined for infinite focus sets. One can
prove that even for infinite focus sets these two relations are the same. If
$\mathcal{F}$ is infinite, one must consider transfinite sequences of one step
$\mathcal{F}$-extensions.

In proving that every newly derived formula is a new label formula we can
assume that $\alpha$ is not a member of $\Upsilon$ and that we cannot derive a
contradiction by label propagation on $\Upsilon$, i.e., there is no $\Phi$ such that
both $\Phi$ and (NOT $\Phi$) were already derived (if a contradiction is already
derivable then all old label formulas are also already derivable). Consider
the kinds of expression that $\alpha$ might be. If $\alpha$ is a monadic predicate
symbol then an examination of the inference rules shows that the only newly
derived formula is (IS $\alpha$ $\alpha$). If $\alpha$ is a constant symbol or a variable
then a similar examination of the inference rules shows that the only newly
derived formulas are (IS $\alpha$ $\alpha$), (THERE-EXISTS $\alpha$), (DETERMINED $\alpha$),
and (INTERSECTS $\alpha$ $\alpha$). The other cases are more complex.

Suppose $\alpha$ is an atomic formula that is a label formula of $\Upsilon$. In this
case the formula (NOT $\alpha$) becomes a new label formula. In fact, it is the
only new label formula. None of rules 1 through 22 can derive a non-atomic
formula and thus none of these rules can be used to derive (NOT $\alpha$). To see
that rule 23 cannot derive (NOT $\alpha$) note that since $\Upsilon$ is closed over
$\Sigma$, $\mathcal{F}$, and $\Psi$, for any such-that class expression
(s x S.T. $\Phi(x)$) in $\Upsilon$ and any y in $\mathcal{F}$ the formula $\Phi(y)$ must be in
$\Upsilon$ and thus $\Phi(y)$ cannot be the new label formula (NOT $\alpha$). Skipping
over rule 24 for the moment, we note that rules 25, 26 and 29 fail to derive
(NOT $\alpha$) because (NOT $\alpha$) is not contained in any Boolean label
formulas. Rules 27, 28, and 30 cannot derive negations. Finally, rule 31 does
not apply because, by assumption, no contradiction can be derived by label
propagation on $\Upsilon$. Thus, the only way of deriving (NOT $\alpha$) is with
inference rule 24. In this case $\alpha$ must be of the form $\Phi(y)$ where y is a
member of $\mathcal{F}$ and there must exist some z in $\mathcal{F}$ such that (IS y z)
and (NOT $\Phi(z)$) were already derivable. We must show that if (NOT $\alpha$) is
derived with inference rule 24 then no old label formulas can be newly
derived. A syntactic analysis of the rules, using the observation that
$\alpha$ does not appear as a proper subformula of any formulas in $\Upsilon'$,
shows that the only inference rules that can use (NOT $\alpha$) as a premise are
inference rules 10, 14, 24 and 31. The only way inference rule 31 could apply
is if the formula $\Phi(y)$ was already derivable. In this case inference rule
24 ensures that $\Phi(z)$ was already derivable. But this violates the
assumption that no contradiction was already derivable. If some instance of
rule 10 or 14 can be used to derive an old label formula $\Omega(y)$ from the
premise (NOT $\Phi(y)$), then the formula $\Omega(z)$ must already have been
derivable by the same rule. In this case the formula $\Omega(y)$ must already
have been derivable from $\Omega(z)$ by inference rule 24.

The cases where $\alpha$ is either the negation of a member of $\Upsilon$ or the
disjunction of two members of $\Upsilon$ are similar to the case where $\alpha$ is
an atomic label formula and will not be discussed in detail here. It remains
only to consider the two cases where $\alpha$ is a class expression other than a
constant or monadic predicate symbol. Suppose that $\alpha$ is an application
$R(s_1, \ldots, s_n)$ where each class expression $s_i$ is a member of $\Upsilon$. In
this case the new label formulas are all atomic formulas involving the class
$\alpha$. We wish to show that all of the newly derived formulas are new label
formulas. To show this we show that the inference rules maintain the
following invariants:

• Every newly derived formula is a new label formula.

• If (IS $\alpha$ t) is newly derived where t is in $\Upsilon$, then either
(IS A-Thing t) was already derived, or there exists a class expression
$R(w_1, \ldots, w_n)$ in $\Upsilon$ such that (IS $s_i$ $w_i$) was already derived for
each $w_i$ and the formula (IS $R(w_1, \ldots, w_n)$ t) was also already derived.

• If (IS t $\alpha$) is newly derived where t is in $\Upsilon$, then either:

1. $\Upsilon$ contains a class expression $R(w_1, \ldots, w_n)$ such that
(IS $w_i$ $s_i$) was already derived for each $w_i$ and (IS t $R(w_1, \ldots, w_n)$)
was also already derived, or

2. there exists a class expression t' in $\Upsilon$ such that (DETERMINED t') and
(IS t t') were already derived, and (INTERSECTS t' $\alpha$) will be newly
derived.

• If (THERE-EXISTS $\alpha$) or (INTERSECTS $\alpha$ $\alpha$) is newly derived, then
either R is a function symbol and (THERE-EXISTS $s_i$) was already derived for
each $s_i$, or there exist members t and $R(w_1, \ldots, w_n)$ of $\Upsilon$ such
that (THERE-EXISTS t) and (IS t $R(w_1, \ldots, w_n)$) were already derived, and
(IS $R(w_1, \ldots, w_n)$ $\alpha$) will be newly derived.

• If (DETERMINED $\alpha$) is newly derived, then either R is a function symbol
and (DETERMINED $s_i$) was already derived for each $s_i$ or there exists some
member t of $\Upsilon$ such that (IS $\alpha$ t) will be newly derived and
(DETERMINED t) was already derived.

• If (INTERSECTS $\alpha$ t) or (INTERSECTS t $\alpha$) is newly derived, where t is
in $\Upsilon$, then either (IS A-Thing t) was already derived and
(THERE-EXISTS $\alpha$) will be derived, or there exists a class expression
$R(w_1, \ldots, w_n)$ in $\Upsilon$ such that either:

1. R is a function symbol, and the formulas (INTERSECTS $w_1$ $s_1$), ...
(INTERSECTS $w_n$ $s_n$), and (IS $R(w_1, \ldots, w_n)$ t) were already derived, or

2. formulas (IS $w_1$ $s_1$), ... (IS $w_n$ $s_n$), and
(INTERSECTS $R(w_1, \ldots, w_n)$ t) were already derived.



Since all new label formulas are atomic formulas not contained in any
Boolean formulas in $\Upsilon$, none of the Boolean rules apply (i.e., none of them
can fire as long as no old label formulas are newly derived). The definition of
closure over $\Sigma$, $\mathcal{F}$, and $\Psi$ ensures that rules 21, 22, and 23 do not
apply. Thus we need only check these invariants for inference rules 24 and 1
through 20. We will spare the reader the laborious case analysis necessary to
verify that these rules maintain the above invariants.

Now suppose that $\alpha$ is a such-that class expression (s x S.T. $\Phi(x)$). This
case is similar to the case where $\alpha$ is an application; we show that the
inference rules preserve a certain set of invariants. To state the invariants
that are preserved in this particular case we first define an $\alpha$-witness to
be an element y of the focus set $\mathcal{F}$ such that
$\Sigma, \mathcal{F} \Vdash_{\Upsilon}$ (IS y s) and $\Sigma, \mathcal{F} \Vdash_{\Upsilon} \Phi(y)$. For any
$\alpha$-witness y inference rule 20 guarantees that the formula (IS y $\alpha$) will
be newly derived. Given the notion of an $\alpha$-witness, the invariants
maintained by the inference rules can be concisely stated as follows:

• Every newly derived formula is a new label formula.

• If (IS $\alpha$ t) is newly derived and t is in $\Upsilon$ then (IS s t) was already
derived.

• If (IS t $\alpha$) is newly derived and t is in $\Upsilon$ then there exists an
$\alpha$-witness y such that (IS t y) was already derived.

• If (THERE-EXISTS $\alpha$) or (INTERSECTS $\alpha$ $\alpha$) is newly derived then
there exists an $\alpha$-witness.

• If (DETERMINED $\alpha$) is newly derived then (DETERMINED s) was already
derived.

• If (INTERSECTS t $\alpha$) or (INTERSECTS $\alpha$ t) is newly derived and t is a
member of $\Upsilon$ then there exists an $\alpha$-witness y such that (IS y t) was
already derived.

As in the previous case, all of the new label formulas are atomic formulas
that do not appear in any Boolean expressions that are members of $\Upsilon$. This
implies that none of the Boolean rules apply. We again spare the reader the
laborious case analysis necessary to verify that rules 1 through 24 preserve
the above invariants.

This completes our presentation of the proof that $\Vdash$ is the same as
$\vdash_o$. This result can be summarized in the statement that the restricted
relation $\Vdash$ is syntactically complete relative to the unrestricted relation
$\vdash_o$. The proof involves a fairly long case analysis most of which has not
been explicitly given here. This is unfortunate because many of the inference
rules and definitions presented in this paper are motivated by the desire that
$\Vdash$ be syntactically complete relative to $\vdash_o$. The long case analysis
required to prove the syntactic completeness of $\Vdash$ obscures the role played
by particular inference rules and definitions. In spite of considerable
effort, we have not been able to find a more concise proof of the equivalence
of $\Vdash$ and $\vdash_o$.



8 A High-Level Proof System

A high-level proof is a series of lines where each line contains a "sequent" of
the form $\Sigma \vdash \Phi$ where $\Sigma$ is a set of formulas and $\Phi$ is either a
formula or the special token F.$^6$ The lines of a high-level proof are divided
into two kinds: syntactically derived lines and unjustified lines. A
syntactically derived line is a line that can be derived from previous lines
using one of the following five high-level proof rules. Each high-level proof
rule is a form of universal generalization.$^7$ The need to include rules of
universal generalization in the high-level proof system will be discussed
further in the presentation of the high-level completeness proof (section 9).
In the following rules x, and each $x_i$, must be a variable that does not
appear free in any formula in $\Sigma$ or in any of the class expressions s, t or
$s_i$. In the last rule z must be a variable but there are no restrictions on
where z can appear, e.g. z may appear free in $\Sigma$ or any $s_i$.

6 A more "user-friendly" syntax for high-level proofs is given in [McAllester, 1989]

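$\Sigma \vdash$ (NOT (IS x s))
----------------------------------------
$\Sigma \vdash$ (NOT (THERE-EXISTS s))

$\Sigma \cup \{$(IS $x_1$ s), (IS $x_2$ s)$\} \vdash$ (IS $x_1$ $x_2$)
----------------------------------------
$\Sigma \vdash$ (DETERMINED s)

$\Sigma \cup \{$(IS x s), (IS x t)$\} \vdash$ F
----------------------------------------
$\Sigma \vdash$ (NOT (INTERSECTS s t))

$\Sigma \cup \{$(IS x s)$\} \vdash$ (IS x t)
----------------------------------------
$\Sigma \vdash$ (IS s t)

$\Sigma \cup \{$(IS $x_1$ $s_1$), ... (IS $x_n$ $s_n$)$\} \vdash$ (NOT (IS z $R(x_1, \ldots, x_n)$))
----------------------------------------
$\Sigma \vdash$ (NOT (IS z $R(s_1, \ldots, s_n)$))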

A line of a high-level proof that is not derived from previous lines using
one of the high-level generalization rules is called an unjustified line. Each
unjustified line in a high-level proof must be explicitly associated with a set
of variables called the focus set of that line. Consider an unjustified line
$\Sigma \vdash \Phi$ with associated focus set $\mathcal{F}$. Intuitively, each unjustified
line must obviously follow from previous lines in the proof. Let $\Sigma'$ be
$\Sigma$ plus all formulas previously proven to follow from $\Sigma$, i.e., all
formulas $\Psi$ such that the proof contains an earlier line of the form
$\Gamma \vdash \Psi$ where $\Gamma$ is a subset of $\Sigma$. An unjustified line
$\Sigma \vdash \Phi$ with associated focus set $\mathcal{F}$ must follow from previous
lines. More specifically, if $\Phi$ is the constant F, then we must have
$\Sigma', \mathcal{F} \vdash_o$ F. If $\Phi$ is some formula other than F, then we must have
$\Sigma' \cup \{$(NOT $\Phi$)$\}, \mathcal{F} \vdash_o$ F.

7 In a user-friendly version of the high-level proof system, each high-level
rule of universal generalization appears in its contrapositive form; rather
than derive a universal statement from a statement about an arbitrary
individual, the user-friendly high-level system allows one to introduce
witnesses based on existential statements.

It is important to be able to quickly determine if a series of high-level
proof lines is acceptable, i.e. that each unjustified line satisfies the
condition specified above. The cost of determining the acceptability of a given
unjustified line is quite sensitive to the size of the focus set $\mathcal{F}$
associated with that line. The high-level completeness theorem given in the
following section shows that if a formula $\Phi$ semantically follows from a set
of formulas $\Sigma$ then there exists a high-level derivation of the sequent
$\Sigma \vdash \Phi$ such that each unjustified line involves at most one focus
object. However, proofs can be made much shorter by allowing unjustified lines
to be associated with more than one focus object. Thus there is a trade-off
between proof length and the time required to machine verify the proof: short
proofs, in which unjustified lines have many focus objects, take longer to
machine verify than longer proofs in which unjustified lines are associated
with fewer focus objects. In the proof of the Stone representation theorem
from the axioms of set theory, described in [McAllester, 1989], unjustified
lines involved up to ten focus objects. It is possible to show that the size
of the network generated in determining if $\Gamma, \mathcal{F} \vdash_o$ F is, in the
worst case, $O([\Gamma]|\mathcal{F}|^Q)$ where $[\Gamma]$ is the number of expressions
that are either members of $\Gamma$ or appear in some member of $\Gamma$,
$|\mathcal{F}|$ is the number of elements of $\mathcal{F}$, and Q is the maximum level
of quantifier-nesting that appears in any formula in $\Gamma$. In practice the
maximum level of quantifier nesting remains small and, as a rule of thumb,
the size of the network appears proportional to $[\Gamma]|\mathcal{F}|^3$.

9 High-Level Completeness

Throughout this section we only consider high-level proofs in which
unjustified lines have at most one focus object. It turns out that this
restricted high-level proof system is semantically complete for first order
taxonomic formulas. More specifically, if a formula $\Phi$ semantically follows
from a set of formulas $\Sigma$, then there exists a high-level proof that ends
with the line $\Sigma \vdash \Phi$ and in which every unjustified line has at most one
focus object. To prove this result one can first observe that there exists a
high-level derivation of $\Sigma \vdash \Phi$ if and only if there exists a high-level
derivation of $\Sigma \cup \{$(NOT $\Phi$)$\} \vdash$ F. To prove this it suffices to
observe that, given a high-level derivation of $\Sigma \vdash \Phi$, the line
$\Sigma \cup \{$(NOT $\Phi$)$\} \vdash$ F can be immediately added as an unjustified line
with an empty focus set. Similarly, given a derivation of
$\Sigma \cup \{$(NOT $\Phi$)$\} \vdash$ F, the line $\Sigma \vdash \Phi$ can be acceptably added
without justification. To prove the high-level system is complete, we assume
that there is no derivation of $\Sigma \vdash \Phi$ and we show that in this case there
exists a model of $\Sigma$ in which $\Phi$ is false. If there is no derivation of
$\Sigma \vdash \Phi$ then there must not be any high-level derivation of
$\Sigma \cup \{$(NOT $\Phi$)$\} \vdash$ F. To prove that there exists a model of $\Sigma$ in
which $\Phi$ is false, it now suffices to show that, for any set of formulas
$\Gamma$, if there is no derivation of $\Gamma \vdash$ F, then there exists some model
of $\Gamma$.

Suppose that there is no derivation of $\Gamma \vdash F$. One can construct a
model of $\Gamma$ using techniques analogous to those used in standard proofs
of first order completeness. For simplicity we assume that the set of
constant, function and predicate symbols in the language is countable and that
there is a countably infinite set of variables. In this case one can enumerate
all taxonomic formulas in an infinite sequence
$\Theta_1, \Theta_2, \Theta_3, \ldots$.$^{8}$ Given that there is no
derivation of $\Gamma \vdash F$, one can then construct an infinite sequence
of sets of formulas $\Omega_1, \Omega_2, \Omega_3, \ldots$ by setting
$\Omega_1$ equal to $\Gamma$ and defining $\Omega_{j+1}$ as follows:



1. If there exists a derivation of $\Omega_j \vdash$ (NOT $\Theta_j$) then set
$\Omega_{j+1}$ equal to $\Omega_j$.

2. If there is no derivation of $\Omega_j \vdash$ (NOT $\Theta_j$), and
$\Theta_j$ is a formula of the form (THERE-EXISTS s), then let x be some
variable that does not appear in s or $\Omega_j$ and set $\Omega_{j+1}$ to be
$\Omega_j \cup \{\Theta_j, \text{(IS x s)}\}$.

3. If there is no derivation of $\Omega_j \vdash$ (NOT $\Theta_j$), and
$\Theta_j$ is a formula of the form (NOT (DETERMINED s)), then let x and y be
variables that are not free in s or $\Omega_j$ and set $\Omega_{j+1}$ to be
$\Omega_j \cup \{\Theta_j, \text{(IS x s)}, \text{(IS y s)}, \text{(NOT (IS x y))}\}$.

4. If there is no derivation of $\Omega_j \vdash$ (NOT $\Theta_j$), and
$\Theta_j$ is a formula of the form (INTERSECTS s t), then let x be some
variable that does not appear free in s, t or $\Omega_j$ and set
$\Omega_{j+1}$ to be
$\Omega_j \cup \{\Theta_j, \text{(IS x s)}, \text{(IS x t)}\}$.

5. If there is no derivation of $\Omega_j \vdash$ (NOT $\Theta_j$), and
$\Theta_j$ is a formula of the form (NOT (IS s t)) where s is not a variable,
then let x be some variable that does not appear free in s, t or $\Omega_j$
and set $\Omega_{j+1}$ to be
$\Omega_j \cup \{\Theta_j, \text{(IS x s)}, \text{(NOT (IS x t))}\}$.

6. If there is no derivation of $\Omega_j \vdash$ (NOT $\Theta_j$) and
$\Theta_j$ is a formula of the form (IS x $R(s_1, \ldots, s_n)$) where x is a
variable, then let $y_1, \ldots, y_n$ be variables that do not appear free in
$\Omega_j$ or in any of the class expressions $s_i$, and set $\Omega_{j+1}$
equal to
$\Omega_j \cup \{\Theta_j, \text{(IS x } R(y_1, \ldots, y_n)\text{)}, \text{(IS } y_1\ s_1\text{)}, \ldots, \text{(IS } y_n\ s_n\text{)}\}$.

7. If none of the above conditions apply, then set $\Omega_{j+1}$ equal to
$\Omega_j \cup \{\Theta_j\}$.

8 The completeness proof can be modified to handle uncountable languages, in
which case one constructs a transfinite enumeration of formulas.

Given the high-level proof rules introduced in the previous section, one can
show that each $\Omega_j$ is a finite set of formulas that contains $\Gamma$
and that there does not exist any derivation of $\Omega_j \vdash F$. Steps 2,
3, 4, and 5 ensure that, if $\Theta_j$ is an existential statement that is a
member of $\Omega_{j+1}$ then there are variables that act as witnesses to
$\Theta_j$ in $\Omega_{j+1}$. For example, if $\Theta_j$ is (THERE-EXISTS s)
and $\Theta_j$ is a member of $\Omega_{j+1}$, then there is some variable x
such that $\Omega_{j+1}$ contains the formula (IS x s). Steps 2, 3, 4, 5, and
6 in the above specification directly correspond to the five high-level
generalization rules presented in section 8. For each of these steps, the
proof of the consistency of the newly constructed set $\Omega_{j+1}$ relies on
the existence of the corresponding high-level generalization rule. Thus, the
generalization rules in the high-level proof system are needed because they
indirectly allow the introduction of witnesses for existential statements. In
a user-friendly high-level proof system the high-level generalization rules
can either be used directly or used in the contrapositive form where they
allow the introduction of new witnesses to previously proven existential
statements.

Now let $\Omega$ be the union of all sets $\Omega_j$. It is possible to show
that $\Omega$ is both consistent and complete. More specifically, for any
formula $\Psi$ exactly one of the two formulas $\Psi$ and (NOT $\Psi$) is
contained in $\Omega$. Furthermore, one can show that the set of formulas
$\Omega$ is closed under all of the rules of obviousness where the rules for
such-that expressions are no longer restricted to focus objects.

One can now define a first order structure whose domain consists of
equivalence classes of variables. More specifically, for any variable x we
define $|x|$ to be the set of variables y such that the formula (IS x y) is a
member of $\Omega$. The rules of obviousness for is-formulas ensure that these
sets form equivalence classes of variables. We take the domain of the first
order structure to be the collection of equivalence classes of the form
$|x|$. It is now possible to define an interpretation of the variables,
constants, functions, relations, and predicate symbols such that the semantic
value of a class expression s equals the set of classes $|x|$ such that the
formula (IS x s) is a member of $\Omega$ and such that, for every formula
$\Psi$, the semantic interpretation makes $\Psi$ true just in case $\Psi$ is a
member of $\Omega$. This provides an interpretation of $\Gamma$. Thus one can
establish that if there is no derivation of $\Gamma \vdash F$ then there
exists a semantic interpretation of $\Gamma$, and similarly, if there is no
derivation of $\Sigma \vdash \Phi$, then there exists an interpretation of
$\Sigma$ in which $\Phi$ is false.



10 Taxonomic vs. Classical Syntax 

To compare taxonomic and classical syntax we consider a high-level proof
system analogous to the one defined in section 8 but based on classical rather
than taxonomic syntax. A high-level proof in the system based on classical
syntax is also a series of lines where each line is a "sequent"
$\Sigma \vdash \Phi$. Like the taxonomic system, the classical system is based
on an obviousness relation $\vdash_o$ and the high-level proof system allows
unjustified lines where each unjustified line must be explicitly associated
with a set of variables called the focus set for that line. The conditions
under which an unjustified line is acceptable are identical in both the
taxonomic and classical systems except that the two systems are based on
different obviousness relations. Although the obviousness relations underlying
the two systems are different, each of the two obviousness relations is
defined by a set of inference rules called rules of obviousness.

In the classical system the rules of obviousness presented in section 3 are
replaced by the standard rules of inference for equality: reflexivity,
symmetry, transitivity, and rules that allow the substitution of equals for
equals in terms and atomic formulas. These rules of inference for equality are
complete for classical literals: if the rules cannot derive a contradiction
from a set of first order literals, then the set of literals is satisfiable.

The rules of obviousness that involve Boolean connectives are exactly the 
same in both the taxonomic and classical systems. In the classical system, 
we assume that the only quantifier is the classical universal quantifier $\forall$. The
three taxonomic rules of obviousness involving such-that class expressions are 
replaced, in the classical system, by the following single rule of obviousness. 
In the following rule y must be a variable in T. 

$$\frac{\forall x\, \Phi(x)}{\Phi(y)}$$



The five high-level taxonomic generalization rules are replaced, in the
classical system, by the following single high-level generalization rule. In
the following rule x must be a variable that does not appear free in $\Sigma$.



$$\frac{\Sigma \vdash \Phi(x)}{\Sigma \vdash \forall x\, \Phi(x)}$$



Unlike taxonomic syntax, the classical rules of obviousness involving focus
objects make the relationship between focus objects and previously proven
lemmas explicit; the rules of obviousness allow any previously proven
universal lemma to be applied to any focus object. In the taxonomic system, a
formula of the form $\forall x\, \Phi(x)$ is represented by
(IS A-Thing (A-Thing x S.T. $\Phi(x)$)). If y is a focus object then the
taxonomic rules of obviousness allow the derivation of (IS y A-Thing) and
given the above is-formula, one can derive (IS y (A-Thing x S.T. $\Phi(x)$)).
The rules of obviousness for such-that expressions then allow the derivation
of $\Phi(y)$. Thus, the above classical rule of universal instantiation for
focus objects is subsumed by the taxonomic rules of obviousness. In fact, all
of the methods of deriving new lines in the classical high-level proof system
are subsumed by methods of deriving new lines in the taxonomic high-level
proof system. This claim can be formalized by giving a procedure for
translating any proof in the classical high-level system into a corresponding
proof in the taxonomic system.

For any classical first order formula $\Phi$, the taxonomic translation,
$T(\Phi)$ of the formula $\Phi$ is defined by structural induction on $\Phi$.
If $\Phi$ is an atomic formula of the form $R(s_1, \ldots, s_n)$ then
$T(\Phi)$ is the atomic taxonomic formula (IS $s_n$ $R(s_1, \ldots, s_{n-1})$).
$T(\text{(OR }\Psi\ \Theta\text{)})$ equals (OR $T(\Psi)$ $T(\Theta)$) and
$T(\text{(NOT }\Psi\text{)})$ equals (NOT $T(\Psi)$). If $\Phi$ is a universal
formula $\forall x\, \Psi(x)$, then $T(\Phi)$ is the formula
(IS A-Thing (A-Thing x S.T. $T(\Psi(x))$)). For any set $\Sigma$ of classical
first order formulas, $T(\Sigma)$ is the set of taxonomic formulas of the form
$T(\Phi)$ for some $\Phi$ in $\Sigma$. If $P$ is a high-level proof in the
classical high-level proof system, then $T(P)$ is the sequence of lines
derived by translating each unjustified line $\Sigma \vdash \Phi$ in $P$ to an
unjustified line $T(\Sigma) \vdash T(\Phi)$ leaving the focus set of the line
unchanged, and translating each universal generalization line
$\Sigma \vdash \forall x\, \Phi(x)$ to an unjustified line of the form
$T(\Sigma) \cup \{\text{(IS x A-Thing)}\} \vdash$ (IS x (A-Thing x S.T. $\Phi(x)$))
with focus set $\{x\}$ followed by the generalization line
$T(\Sigma) \vdash T(\forall x\, \Phi(x))$.
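
The translation T defined above, worked through as an added Python example (it is not code from the paper). The tuple encoding of classical formulas, the rendering of a one-place atom R(s) as (IS s R), and the use of the translated body inside the such-that expression of the unjustified line are assumptions made here.

```python
# Added example. The tuple encoding of classical formulas is an assumption:
#   ("atom", "R", ["s1", ..., "sn"])  ("or", f, g)  ("not", f)  ("forall", "x", f)
# Terms are plain strings; taxonomic formulas are nested lists.

def translate(phi):
    """T(phi): classical formula -> taxonomic formula, by structural induction."""
    tag = phi[0]
    if tag == "atom":
        _, rel, args = phi
        if not args:
            raise ValueError("R(s_1, ..., s_n) needs n >= 1")
        *init, last = args
        # R(s_1, ..., s_n) becomes (IS s_n R(s_1, ..., s_{n-1})).
        # For n = 1 the class expression is the bare symbol R (assumption).
        cls = f"{rel}({', '.join(init)})" if init else rel
        return ["IS", last, cls]
    if tag == "or":
        return ["OR", translate(phi[1]), translate(phi[2])]
    if tag == "not":
        return ["NOT", translate(phi[1])]
    if tag == "forall":
        _, var, body = phi
        return ["IS", "A-Thing", ["A-Thing", var, "S.T.", translate(body)]]
    raise ValueError(f"unknown formula tag: {tag!r}")

def show(sexp):
    """Render a nested list as an s-expression string."""
    if isinstance(sexp, str):
        return sexp
    return "(" + " ".join(show(part) for part in sexp) + ")"

def translate_line(sigma, phi, focus=(), generalization=False):
    """Translate one classical proof line into a list of taxonomic lines.

    Each result is (premises, conclusion, focus); focus is None for a line
    derived by the generalization rule.
    """
    t_sigma = [show(translate(f)) for f in sigma]
    if not generalization:
        return [(t_sigma, show(translate(phi)), set(focus))]
    _, var, body = phi  # phi must be ("forall", var, body)
    # The such-that body is taken to be T(body) (assumption).
    witness = ["IS", var, ["A-Thing", var, "S.T.", translate(body)]]
    return [(t_sigma + [show(["IS", var, "A-Thing"])], show(witness), {var}),
            (t_sigma, show(translate(phi)), None)]

# Constructed sample: forall x. (OR (NOT P(x)) Q(x, c))
SAMPLE = ("forall", "x",
          ("or", ("not", ("atom", "P", ["x"])), ("atom", "Q", ["x", "c"])))
```

A classical universal generalization line therefore becomes two taxonomic lines: one unjustified line with focus set {x}, then the generalization line itself.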

Taxonomic Domination Theorem: The taxonomic proof sys- 
tem dominates the classical proof system in the sense that for any 
acceptable high-level proof P in the classical system, the proof 
T(P) is acceptable in the taxonomic system. 

Intuitively, the proof rules of the taxonomic system include the proof 
rules of the classical system as a special case. This is not a surprising result 
and is not difficult to prove. We conjecture, however, that the converse of 
this theorem does not hold, i.e., the taxonomic high-level proof system is not 
subsumed by the classical high-level proof system. 

Strict Domination Conjecture: For any (large) constant k
there exists a classical first order formula $\Phi$ and a taxonomic
proof P of $T(\Phi)$ such that the shortest proof of $\Phi$ in the
classical high-level proof system has length greater than k times
the length of P.



If this conjecture is true, then there would exist a first order statement and 
a taxonomic proof of that statement such that the shortest classical proof is, 
say, a hundred times longer than the taxonomic proof. 



11 Conclusion 



We have defined a taxonomic syntax for first order predicate calculus and 
have presented several technical results describing computational properties 
of this syntax. Quantifier-free taxonomic literals are more expressive than 
literals of classical first order logic and yet there exists a polynomial time 
decision procedure for determining the satisfiability of a set of quantifier-free 
taxonomic literals. We have also investigated the value of taxonomic syntax 
in general theorem proving. We have defined high-level proof systems for
both taxonomic and classical systems and shown that the taxonomic system 
subsumes the classical system. Furthermore, we conjecture that the reverse 
is not true, i.e., that there exist high-level taxonomic proofs such that any 
classical high-level proof of the same result is much longer. 